authorVsevolod Stakhov <vsevolod@highsecure.ru>2019-03-11 15:42:01 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2019-03-11 15:42:01 +0000
commit4f14063dcffe203b68d1456c28b11d33acb6326d (patch)
tree3bb7032df69bd634afca8d0a17283bf5522f72be
parentd17fe6bfce3ff90d38ae641715d07a68ab171be6 (diff)
[Feature] Improve dkim part in configwizard
-rw-r--r--lualib/rspamadm/configwizard.lua90
1 files changed, 87 insertions, 3 deletions
diff --git a/lualib/rspamadm/configwizard.lua b/lualib/rspamadm/configwizard.lua
index 75fdb96aa..5949dceb4 100644
--- a/lualib/rspamadm/configwizard.lua
+++ b/lualib/rspamadm/configwizard.lua
@@ -23,6 +23,7 @@ local lua_stat_tools = require "lua_stat"
local lua_redis = require "lua_redis"
local ucl = require "ucl"
local argparse = require "argparse"
+local fun = require "fun"
local plugins_stat = require "plugins_stats"
@@ -51,7 +52,9 @@ parser:argument "checks"
local redis_params
local function printf(fmt, ...)
- io.write(string.format(fmt, ...))
+ if fmt then
+ io.write(string.format(fmt, ...))
+ end
io.write('\n')
end
@@ -264,6 +267,70 @@ local function setup_dkim_signing(cfg, changes)
return string.sub(path, 1, string.len(path) - 1)
end
+ printf('How would you like to set up DKIM signing?')
+ printf('1. Use domain from %s for sign', highlight('mime from header'))
+ printf('2. Use domain from %s for sign', highlight('SMTP envelope from'))
+ printf('3. Use domain from %s for sign', highlight('authenticated user'))
+ printf('4. Sign all mail from %s', highlight('specific networks'))
+ printf()
+
+ local sign_type = readline_default('Enter your choice (1, 2, 3, 4) [default: 1]: ', '1')
+ local sign_networks
+ local allow_mismatch
+ local auth_only
+ local use_esld
+ local sign_domain
+
+ local defined_auth_types = {'header', 'envelope', 'auth', 'recipient'}
+
+ if sign_type == '4' then
+ repeat
+ sign_networks = readline_default('Enter list of networks to perform dkim signing: ',
+ '')
+ until #sign_networks ~= 0
+
+ sign_networks = fun.totable(fun.map(lua_util.rspamd_str_trim,
+ lua_util.str_split(sign_networks, ',; ')))
+ printf('What domain would you like to use for signing?')
+ printf('* %s to use mime from domain', highlight('header'))
+ printf('* %s to use SMTP from domain', highlight('envelope'))
+ printf('* %s to use domain from SMTP auth', highlight('auth'))
+ printf('* %s to use domain from SMTP recipient', highlight('recipient'))
+ printf('* anything else to use as a %s domain (e.g. `example.com`)', highlight('static'))
+ printf()
+
+ sign_domain = readline_default('Enter your choice [default: header]: ', 'header')
+ else
+ if sign_type == '1' then
+ sign_domain = 'header'
+ elseif sign_domain == '2' then
+ sign_domain = 'envelope'
+ else
+ sign_domain = 'auth'
+ end
+ end
+
+ if sign_type ~= '3' then
+ auth_only = ask_yes_no(
+ string.format('Do you want to sign mail from %s only? ',
+ highlight('authenticated users')), true)
+ else
+ auth_only = true
+ end
+
+ if fun.any(function(s) return s == sign_domain end, defined_auth_types) then
+ -- Allow mismatch
+ allow_mismatch = ask_yes_no(
+ string.format('Allow data %s, e.g. if mime from domain is not equal to authenticated user domain? ',
+ highlight('mismatch')), true)
+ -- ESLD check
+ use_esld = ask_yes_no(
+ string.format('Do you want to use %s domain (e.g. example.com instead of foo.example.com)? ',
+ highlight('effective')), true)
+ else
+ allow_mismatch = true
+ end
+
local domains = {}
local has_domains = false
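Review bot: In the `else` branch for choices 1–3, the second test reads `elseif sign_domain == '2' then`, but `sign_domain` is still nil there, so choosing option 2 (SMTP envelope from) silently ends up as `sign_domain = 'auth'`; the test should be `elseif sign_type == '2' then`. The same final `else` also maps any unrecognised answer (a typo, `5`, an empty string) to `'auth'` rather than asking again, so the operator can get a signing policy they never chose. For option 4 the entered list is split and trimmed but never checked to contain valid addresses or CIDR ranges before it is stored as `sign_networks`, and these networks decide whose mail gets signed; re-prompting on entries that do not parse would catch mistakes at the wizard instead of at runtime. `setup_dkim_signing` starts and ends outside this hunk.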
@@ -281,12 +348,12 @@ local function setup_dkim_signing(cfg, changes)
end
local function print_domains()
- print("Domains configured:")
+ printf("Domains configured:")
for k,v in pairs(domains) do
printf("Domain: %s, selector: %s, privkey: %s", highlight(k),
v.selector, v.privkey)
end
- print("--")
+ printf("--")
end
repeat
@@ -333,6 +400,23 @@ local function setup_dkim_signing(cfg, changes)
until not ask_yes_no("Do you wish to add another DKIM domain?")
changes.l['dkim_signing.conf'] = {domain = domains}
+ local res_tbl = changes.l['dkim_signing.conf']
+
+ if sign_networks then
+ res_tbl.sign_networks = sign_networks
+ res_tbl.use_domain_sign_networks = sign_domain
+ else
+ res_tbl.use_domain = sign_domain
+ end
+
+ if allow_mismatch then
+ res_tbl.allow_hdrfrom_mismatch = true
+ res_tbl.allow_hdrfrom_mismatch_sign_networks = true
+ res_tbl.allow_username_mismatch = true
+ end
+
+ res_tbl.use_esld = use_esld
+ res_tbl.auth_only = auth_only
end
local function check_redis_classifier(cls, changes)
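Review bot: In the `if allow_mismatch then` block, one answer to the mismatch prompt (which defaults to yes and is forced to true for a static domain) enables `allow_hdrfrom_mismatch`, `allow_hdrfrom_mismatch_sign_networks` and `allow_username_mismatch` together, whereas a "no" writes nothing at all. The generated `dkim_signing.conf` then does not record the refusal, and whatever the module default or an already present setting says stays in effect. Assigning the answer explicitly for each of the three keys, e.g. `res_tbl.allow_username_mismatch = allow_mismatch`, makes the outcome deterministic. A comment above the block should state that these options permit signing mail whose From domain differs from the authenticated user's domain, which is presumably why they are opt-in in the module (confirm against the dkim_signing defaults). `setup_dkim_signing` begins outside this hunk.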